[ppml] Policy Proposal: Authentication of Legacy Resources

[Edward Lewis]

At 8:33 -0800 7/6/07, Andrew Dul wrote:
>I've been working on this policy with a few people from the AC for a 
>couple of months.  Given today's discussion on the PPML, it seemed 
>like an appropriate time to submit it to the policy process.
>
>==============
>
>Template: ARIN-POLICY-PROPOSAL-TEMPLATE-1.0

>Legacy IP address record holders who have not signed a registration services
>agreement with ARIN will have their name server delegations for the
>in-addr.arpa zone removed starting on June 30, 2009.  All name server
>delegations shall be removed from the in-addr.arpa zone by December 31, 2009.

Speaking as a member of ARIN (persumably in good standing but I can't 
say as I don't sign the checks here) I beg that this is not done.

I rely upon ARIN maintaining and publishing information on the 
allocation of address space.  What is more important to me, as a 
paying member, is complete, accurate, and up to date information. 
What is not important to me i whether the information is about an 
organization in good, bad, or indifferent standing with ARIN.

We should always highlight the responsible/authorized party for 
address space.  Members of ARIN benefit from this.  Please don't hide 
network registrations.  (Yes, maybe the WhoIs is there, but still, 
the registrant in the reverse map is not the reliant party.)

Some questions about the rationale:

>8.	Rationale:
>
>   This policy proposal attempts to bring these legacy resource holders into a
>formal agreement with ARIN, the manager of the IP numbering resources for many
>of the legacy record holders.

Why do this?  I wish we could list the reasons why it is so essential 
to the membership to make sure legacy holders are members too, so 
essential we are willing to drop information about this space if we 
don't get what we want.  Perhaps you would rather prevent DNS queries 
from the free-loading legacy holders from being answered?

"I want the dirt about the legacy space, but if they don't want to 
pay, they shouldn't get to look stuff up about me."

>Some legacy resource holders have expressed concerns about committing to a
>registration services agreement when the legacy resource holder cannot be
>assured that they will be permitted to retain and their resources for the
>long-term.  This policy proposal also does not preclude existing legacy
>space holders, who may have signed another version of the registration
>services agreement from having the same commitment level.  It is suggested
>that the Board of Trustees formalize the annual maintenance fees for legacy
>resource holders at a level similar to the $100 USD per year for end-sites.

I have yet to see a good reason why I would (if I were in position to 
do so), choose to pay $100/year to keep what I already have or 
continue to pay nothing for what I already have.

>Given the informal relationship under which the resources were granted, ARIN
>current maintains the records including WHOIS and in-addr.arpa delegations
>in a best-effort fashion.  Many believe that ARIN may not be obligated to
>maintain these records.  ARIN has experienced some difficulty maintaining
>these records.  Legacy records have been a popular target for hijackers, in
>part due to the out of date information contained in these records.  Having
>up to date contact information would assist ARIN and ISP's in insuring the
>stability of the Internet.

ARIN is obligated to encourage this - up to date record keeping.  The 
members of ARIN are expecting ARIN to do this as part of its role in 
maintaining uniqueness in address resource utilization.  ARIN does 
rely on the registrants to perform this as the staff does not trawl 
the data for accuracy.  ARIN ought to be encouraging updates, ought 
to be lowering any barrier to voluntary updates.  Creating a barrier 
to having up to date information is the wrong course of action.

I realize that we believe that there is an incremental cost 
associated with legacy space.  If the cost of maintaining a record is 
great, I would be satisfied with giving it a label of "legacy 
allocation, information unknown".  I would like better information, 
so even if the legacy holder refuses to submit to an agreement or 
pay, I would expect ARIN to be willing to accommodate the update. 
(Assuming there is no question of authenticity of the claim.)

>Legacy resource holders who sign a registration services agreement would
>continue to receive all the services that are currently provided by ARIN
>plus they would be eligible for any future services that ARIN may offer,
>such as cryptographic signing of resource records.

I think that we ought to make it clear that legacy is legacy and we 
have no expectation of reclaiming and reassigning it.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Think glocally.  Act confused.